Cottage CMS

Privacy Policy

Last updated: August 26, 2025

Our Privacy Commitment

At Cottage CMS, we understand that your privacy is essential to building trust. As a platform designed specifically for cottage food entrepreneurs, we're committed to protecting your personal information and being transparent about how we collect and use your data.

1. Information We Collect

Personal Information You Provide

  • Account Information: Name, email address, business name, and contact details when you create an account
  • Phone Numbers: Mobile phone numbers you provide for SMS notifications, account security, and order updates (for both your account and your customers' accounts)
  • Payment Information: Billing address and payment details (processed securely through Square - we do not store credit card numbers)
  • Subscription Details: Plan type (Free, Pro, Lifetime), trial status, and billing history
  • Website Content: Text, images, product information, and other content you upload to your cottage food website
  • Communications: Messages you send us through support channels, feedback forms, or email
  • Business Information: Details about your cottage food business, state location, and compliance requirements
  • Verification Data: Security verification responses through Cloudflare Turnstile

Information We Collect Automatically

  • Usage Data: How you interact with our platform, features used, and time spent
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Analytics Data: Website performance metrics, error logs, and usage patterns via Google Analytics and Cloudflare Analytics
  • Conversion Tracking: Marketing conversion data through Meta Pixel for registration and purchase events
  • Cookies and Tracking: Session cookies for functionality, analytics cookies for service improvement, and marketing cookies for conversion tracking

2. Free Plan Advertising

Important Notice for Free Plan Users

If you use our Free Plan, we reserve the right to display relevant industry advertisements on your website in the future. This helps us provide free services while supporting the cottage food community.

  • • Ads will be clearly marked and relevant to cottage food businesses
  • • Your personal data will not be shared with advertisers
  • • Pro and Lifetime plans are completely ad-free
  • • We will notify Free Plan users before implementing advertising

3. SMS and Text Messaging

SMS Service Overview

Cottage CMS provides SMS/text messaging capabilities in two ways:

  • 1. Platform Notifications: We may send you text messages about your Cottage CMS account, billing, security alerts, and service updates
  • 2. Customer Communications: Your cottage food website can send text messages to your customers for order confirmations, shipping updates, and marketing (with their consent)

Types of SMS Messages

Transactional Messages

These messages do not require opt-in consent as they relate to your service or orders:

  • • Account verification and security alerts
  • • Order confirmations and receipts
  • • Shipping and delivery notifications
  • • Payment and billing updates
  • • Service disruption notices
  • • Password reset requests

Marketing Messages

These messages require your explicit written consent:

  • • Promotional offers and discounts
  • • New product announcements
  • • Event invitations and updates
  • • Newsletters and tips
  • • Seasonal greetings and special occasions
  • • Abandoned cart reminders

Consent and Opt-In Requirements

TCPA Compliance: We comply with the Telephone Consumer Protection Act (TCPA) and CTIA guidelines for all SMS communications.

  • Marketing SMS: Before receiving any marketing text messages, you (or your customers) must provide prior express written consent by:
    • • Checking an opt-in box on a web form
    • • Texting a keyword to our number (e.g., "JOIN" to subscribe)
    • • Verbally agreeing during a phone call (recorded for compliance)
  • One-to-One Consent: Consent is specific to the business sending messages and cannot be shared with affiliates or partners
  • Consent Disclosure: When opting in, you will be informed of:
    • • The business name sending messages
    • • Expected message frequency (e.g., "Up to 4 msgs/month")
    • • Notice that message and data rates may apply
    • • How to opt-out (Reply STOP) and get help (Reply HELP)
    • • Link to this privacy policy and SMS terms

Message Frequency and Costs

  • Platform Messages: Infrequent - only for critical account updates, billing issues, or security alerts (approximately 1-2 messages per month)
  • Customer Order Messages: Varies based on order activity - typically 2-4 messages per order (order confirmation, shipping, delivery)
  • Marketing Messages: Frequency disclosed at opt-in time and varies by campaign (e.g., "Up to 4 msgs/month" or "2 msgs/week")
  • Data Rates: Message and data rates may apply based on your mobile carrier plan. We do not charge for SMS messages, but your carrier may

How to Opt-Out and Get Help

To Stop Messages (Opt-Out)

Reply to any message with any of these keywords:

  • STOP
  • QUIT
  • UNSUBSCRIBE
  • CANCEL
  • END

You will receive a confirmation message and no further texts from that number. Opt-out requests are processed immediately (typically within minutes, but no later than 10 days as required by TCPA).

To Get Help

Reply to any message with:

  • HELP
  • INFO

You will receive information about the SMS program, customer support contact details, and how to opt-out.

For additional support, email us at hello@cottagecms.com

SMS Service Providers and Data Sharing

  • Third-Party SMS Provider: We use Sinch as our trusted SMS gateway provider to deliver text messages on our behalf. Sinch is a leading communications platform provider that helps us ensure reliable message delivery
  • Data Transmitted: Only your phone number, name (if provided), and message content are shared with Sinch for delivery purposes. Sinch processes this data solely to transmit your messages and does not use it for any other purpose
  • No Selling or Renting: We do not sell, rent, or share your phone number or SMS opt-in status with third parties for their marketing purposes. Your SMS consent data remains confidential and is never shared with advertisers or marketers
  • Carrier Information: Your mobile carrier may receive technical data related to message delivery but will not have access to your consent status or personal preferences

Important Limitations

  • Time Restrictions: Marketing messages will not be sent before 8:00 AM or after 9:00 PM in your local time zone, in compliance with TCPA regulations
  • Carrier Compatibility: SMS service is available for U.S. mobile phone numbers from participating carriers. Some carriers or prepaid plans may not support all message types
  • Delivery Guarantee: While we make every effort to ensure delivery, message delivery is not guaranteed due to factors outside our control (network issues, phone settings, etc.)

Your SMS Privacy Rights

  • Access Your Data: Request a copy of your SMS opt-in records and message history
  • Update Your Number: Change or update your phone number in your account settings
  • Delete Your Data: Request deletion of your phone number and SMS communication history (subject to legal retention requirements)
  • Opt-Out Anytime: You may opt-out of SMS communications at any time without penalty - your access to services will not be affected
  • No Discrimination: Opting out of marketing messages will not affect your ability to use our platform or receive transactional messages

4. How We Use Your Information

Service Delivery

  • • Create and maintain your website
  • • Process payments and billing
  • • Provide customer support
  • • Send service-related notifications via email and SMS
  • • Send transactional SMS for account security and order updates
  • • Backup and secure your data

Platform Improvement

  • • Analyze usage patterns
  • • Develop new features
  • • Fix bugs and improve performance
  • • Personalize your experience
  • • Ensure platform security

Communication

  • • Send important account updates via email and SMS
  • • Share cottage food industry insights
  • • Provide educational content
  • • Announce new features
  • • Send marketing SMS messages (only with your explicit consent)
  • • Respond to your inquiries

Legal Compliance

  • • Meet regulatory requirements
  • • Prevent fraud and abuse
  • • Enforce our terms of service
  • • Protect user safety
  • • Respond to legal requests

5. Information Sharing and Disclosure

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

We may share your information only in these situations:

  • Service Providers: Trusted third parties who help us operate our platform:
    • Square for payment processing and subscription management
    • Cloudflare for security, performance, and content delivery
    • Resend for transactional email delivery
    • Sinch for SMS/text message delivery (phone numbers and message content only)
    • Google Analytics for usage analytics
    • Meta for conversion tracking (anonymized)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Protection: To protect our rights, prevent fraud, or ensure platform security
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (with advance notice)
  • Your Consent: When you explicitly agree to share information for specific purposes

Public Information

Content you publish on your cottage food website (product descriptions, business information, photos) will be publicly visible to your customers. You control what information is made public through your website settings.

6. Data Security

We implement industry-standard security measures to protect your information:

Technical Safeguards

  • • SSL/TLS encryption for data transmission
  • • Encrypted data storage
  • • Regular security updates and patches
  • • Secure authentication systems
  • • Automated backup systems

Operational Safeguards

  • • Limited access to personal data
  • • Employee privacy training
  • • Regular security assessments
  • • Incident response procedures
  • • Data retention policies

While we implement strong security measures, no method of transmission over the internet is 100% secure. We continuously work to improve our security practices and will notify you of any significant data breaches as required by law.

7. Your Privacy Rights

You have the following rights regarding your personal information:

🔍 Access and Portability

Request a copy of your personal information and download your website data at any time through your account settings.

✏️ Correction and Updates

Update your personal information directly in your account or contact us to correct any inaccuracies.

🗑️ Deletion

Request deletion of your account and personal information (subject to legal retention requirements for business records).

📧 Communication Preferences

Opt out of marketing emails and SMS messages while continuing to receive essential service communications. For email, use unsubscribe links. For SMS, reply STOP to any message.

📱 SMS Opt-Out Rights

You can opt-out of SMS messages at any time by replying STOP, QUIT, CANCEL, UNSUBSCRIBE, or END to any text message. Opt-out requests are processed immediately. You will not be charged for the STOP message. Opting out will not affect your access to platform services or transactional notifications.

To exercise these rights, contact us at privacy@cottagecms.comor use the privacy controls in your account settings.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to improve your experience:

Essential Cookies

Required for basic functionality:

  • • Authentication and login sessions
  • • Security features and fraud prevention
  • • Shopping cart for subscription purchases

Analytics & Marketing Cookies

Help us improve our service:

  • • Google Analytics (_ga, _gid) for usage statistics
  • • Meta Pixel (fbp, fbc) for conversion tracking
  • • Cloudflare Analytics for performance monitoring

Third-Party Services

These services may set their own cookies:

  • Square: Payment processing and fraud prevention
  • Cloudflare: Security and performance optimization
  • Google Analytics: Anonymous usage analytics
  • Meta Pixel: Marketing attribution (can be opted out)

You can control cookie settings through your browser preferences. Disabling essential cookies may affect platform functionality. To opt out of marketing cookies, visit aboutads.info.

9. Data Retention

We retain your information for different periods based on its purpose:

  • Account Data: Retained while your account is active and for 90 days after deletion for recovery purposes
  • Phone Numbers & SMS Consent: Retained while account is active and for 10 days after opt-out to honor compliance requirements. Message content is not stored beyond delivery confirmation
  • SMS Opt-Out Records: Maintained indefinitely to ensure we never re-contact opted-out numbers, as required by TCPA
  • SMS Message Logs: Delivery confirmation data (timestamp, recipient number, delivery status) retained for 1 year for compliance auditing and dispute resolution
  • Free Plan Content: May be deleted after 6 months of inactivity with 30 days notice
  • Pro/Lifetime Content: Retained indefinitely while account is active
  • Payment Records: Kept for 7 years for tax and legal compliance purposes
  • Subscription History: Retained indefinitely for trial eligibility tracking
  • Analytics Data: Aggregated data retained indefinitely; personal identifiers removed after 2 years
  • Support Communications: Retained for 3 years to improve customer service
  • Security Logs: Retained for 1 year for security and fraud prevention

10. Children's Privacy

Cottage CMS is designed for cottage food entrepreneurs. While some states allow minors to operate cottage food businesses, our platform requires special handling for users under 18:

For Minor Operators (Under 18)

  • • Parent or guardian must create and manage the account
  • • We collect information from the parent/guardian, not directly from minors
  • • Parent/guardian consent is required for all account activities
  • • Parents may request deletion of their child's information at any time

COPPA Compliance: For operators under 13, we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information directly from children under 13. All account management must be done by a parent or legal guardian.

11. International Users

Cottage CMS is based in the United States and our servers are located in the US. If you access our service from outside the US, your information will be transferred to, stored, and processed in the United States.

We comply with applicable international privacy laws and provide appropriate protections for cross-border data transfers.

12. California Privacy Rights (CCPA)

For California Residents

Under the California Consumer Privacy Act (CCPA), you have additional rights:

Right to Know

Request information about the personal data we collect, use, and share

Right to Delete

Request deletion of your personal information (subject to legal exceptions)

Right to Opt-Out

We do not sell personal information, but you can opt-out of marketing cookies

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights

To exercise these rights, email us at hello@cottagecms.com. We will respond within 45 days.

Categories of Information We Collect

  • Identifiers (name, email, IP address)
  • Commercial information (purchase history, subscription details)
  • Internet activity (usage data, cookies)
  • Geolocation data (state location for compliance)
  • Professional information (business details)

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on consent, contract performance, or legitimate interests
  • Data Portability: Receive your data in a structured, machine-readable format
  • Rectification: Request correction of inaccurate personal data
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Automated Decision Making: Right not to be subject to solely automated decisions

For GDPR requests, contact our Data Protection Officer at dpo@cottagecms.com.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • Notify you by email of significant changes
  • Post the updated policy on our website with the effective date
  • Continue to honor the policy that was in place when you provided your information
  • Provide at least 30 days notice for material changes

15. Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us:

General Privacy Questions

Email: hello@cottagecms.com
Response time: Within 48 hours

Data Rights Requests

Email: hello@cottagecms.com
Response time: Within 30 days

Last Updated: November 7, 2025
Effective Date: November 7, 2025
This policy applies to all current and future users of Cottage CMS.